What is claimed is: 



1 1 . A method for on-connect security scan and delivery, comprising: 

2 interfacing with a remote access infrastructure to detain a client in a 

3 virtual lobby when the client attempts to connect to a network; 

4 scanning the client to determine if the client complies with security 

5 requirements; and 

6 permitting connection to the network only if the client complies with the 

7 security requirements. 

1 2. The method as recited in claim 1 , further comprising: 

2 interfacing with at least one provider of at least one security mechanism 

3 to bring the client into compliance with the security requirements, if the client is 

4 not in compliance. 

1 3. The method as recited in claim 1 , further comprising: 

2 retrieving client information from a repository. 

1 4. The method as recited in claim 1, further comprising: 

2 performing a security risk assessment for the network; and 

3 creating the security requirements to address risks identified in the 

4 security risk assessment. 

1 5. The method as recited in claim 4, further comprising: 

2 storing the security requirements in a repository. 

1 6. The method as recited in claim 4, further comprising: 

2 updating the security requirements with a new policy; and 

3 interfacing with at least one provider to provide delivery of at least one 

4 security mechanism to at least partly implement the new policy. 
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1 7. The method as recited in claim 6, further comprising: 

2 certifying the at least one provider. 

1 8. The method as recited in claim 6, further comprising: 

2 storing the new policy in a repository. 

1 9. The method as recited in claim 6, further comprising: 

2 providing a custom configuration tool to at least partly implement the 

3 new policy. 

1 10. A network security authority system, comprising: 

2 a computing system in a virtual lobby between an inner firewall 

3 protecting a network and an outer firewall protecting the virtual lobby; 

4 a software component operable on the computing system to prevent an 

5 insecure connection between a client and the network by scanning the client to 

6 determine if the client complies with security requirements. 

1 11. The network security authority system as recited in claim 10, wherein, if 

2 scanning reveals non-compliance, the software component provides at least one 

3 security mechanism to the client so that the client complies with the security 

4 requirements before permitting the client to connect to the network. 

1 12. The network security authority system as recited in claim 1 0, further 

2 comprising: 

3 a remote access infrastructure to interface with the software component. 

1 13. The network security authority system as recited in claim 1 2, wherein the 

2 remote access infrastructure processes at least dialup and virtual private network 

3 (VPN) connections. 

1 14. A method for on-connect security scan and delivery, comprising: 

2 controlling configuration of a plurality of security mechanisms for a 
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3 client based on security requirements for a network; 

4 scanning the client for an indication of whether the client complies with 

5 the security requirements; 

6 providing a delivery assistant to the client to install and configure at least 

7 one of the plurality of security mechanisms; and 

8 permitting connection to the client, only if the client complies with the 

9 security requirements. 

1 15. The method as recited in claim 14, further comprising: 

2 certifying third-party security mechanisms that meet the security 

3 requirements; and 

4 distributing the certified third-party security mechanisms to the client 

5 through the delivery assistant. 

1 16. The method as recited in claim 14, further comprising: 

2 storing client information, delivery information, and security 

3 requirements in a repository. 

1 17. The method as recited in claim 14, further comprising: 

2 providing an optional delivery to the client. 

1 18. The method as recited in claim 14, further comprising: 

2 presenting a security warning to the client. 

1 19. The method as recited in claim 1 8, further comprising: 

2 scheduling a future delivery for the client. 

1 20. A network security authority system, comprising: 

2 a virtual lobby computing system in communication with two firewalls to 

3 protect a network from insecure clients attempting to connect to the network; 

4 a scanning component operable on the computing system to determine if 

5 a client complies with security requirements and to determine if lacking security 
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6 mechanisms are available for delivery; and - * 

7 a delivery component operable on the computing system to deliver 

8 available security mechanisms to the client. 

1 21. The network security authority system as recited in claim 20, further 

2 comprising: 

3 a repository component in communication with the computing system to 

4 store the security requirements. 

1 22. The network security authority system as recited in claim 2 1 , wherein the 

2 repository component is a database management system. 

1 23 . The network security authority system as recited in claim 22, wherein the 

2 repository component operates to manage the security requirements and 

3 associated delivery instructions for available security mechanisms. 

1 24. The network security authority system as recited in claim 20, further 

2 comprising: 

3 a certification system in communication with the computing system to 

4 certify third-party security mechanisms that meet the security requirements. 

1 25. An article of manufacture having instructions stored on it that cause a 

2 computing system to operate as a network security authority, the instructions 

3 comprising: 

4 detaining a client that is attempting to connect to a network in a virtual 

5 lobby, the virtual lobby being between an outer firewall and an inner firewall, 

6 the inner firewall being between the virtual lobby and the network; 

7 providing resources for scanning the client to verify the client complies 

8 with security requirements; 

9 providing implementation resources to help the client to comply with 

10 security requirements; and 

1 1 denying permission for the client to connect to the network upon 
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12 determining that the client does not comply with security requirements and that 

13 the implementation resources to bring the client into compliance are not 

14 available. 

1 26. The instructions as recited in claim 25, further comprising: 

2 providing warnings for select security requirements and permitting the 

3 client to connect to the network; and 

4 enforcing rules for overriding the select security requirements; 

5 wherein the rules for overriding are adaptably defined under the 

6 circumstances. 

1 27. The instructions as recited in claim 25, further comprising: 

2 scheduling later operations to bring the client into compliance for select 

3 security requirements. 

1 28. The instructions as recited in claim 25, further comprising: 

2 providing a presentation notifying the client of scanning. 

1 29. The instructions as recited in claim 25, further comprising: 



2 providing a presentation of implementation resources information to the 

fy 3 client. 



1 30. The instructions as recited in claim 25, further comprising: 

2 providing a presentation of a compliance status to the client. 

1 31. A network security authority system, comprising: 

2 a network; 

3 an inner firewall to prevent unauthorized access to the network; 

4 a virtual lobby to determine if a client complies with security 

5 requirements; 

6 an outer firewall to prevent unauthorized access to the virtual lobby; 

7 a computing system in communication with the virtual lobby; and 
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8 a software component operable on the computing system in the virtual 

9 lobby to determine if the client complies with the security requirements and to 

10 provide delivery of any security mechanisms required for the client to comply 

1 1 with the security requirements, before allowing the client access to the network 

12 inside the inner firewall. 



1 32. The system as recited in claim 3 1 , wherein the software component 

2 comprises: 

3 a scanning component operable on the computing system to scan a client 

4 for security mechanisms complying with the security requirements, when the 

5 client attempts to connect to the computing system; 

6 a delivery component operable on the computing system to provide 

7 deliveries to the client to comply with the security configuration; and 

8 a repository component operable on the computing system and having 

9 repository tools accessible by the scanning component and the delivery 

10 component, the repository component to hold the security requirements, and 

1 1 delivery information. 

1 33. The system as recited in claim 32, wherein the repository component also 

2 holds security policy information. 

1 34. The system as recited in claim 33, wherein the repository component 

2 comprises a policy management system. 



1 35. A method of doing business, comprising: 

2 providing a software product to an enterprise configured to scan clients 

3 attempting to connect to a network and to provide delivery of security 

4 mechanisms to comply with security requirements; 

5 updating security requirements in the software product; and 

6 integrating delivery of new security mechanisms into the software 

7 product when the security requirements are updated. 
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1 36. The method of doing business as recited in claim 35, wherein providing 

2 delivery of security mechanisms comprises providing webpages for 

3 downloading. 

1 37. The method of doing business as recited in claim 35, wherein the 

2 delivery of security mechanisms is semi-automatically integrated into the 

3 software product. 

1 38. The method of doing business as recited in claim 35, further comprising: 

2 eliminating a security mechanism from the software product when it is no 

3 longer needed to comply with the security requirements. 

1 39. The method of doing business as recited in claim 35, further comprising: 

2 contracting with a vendor to provide delivery of at least one security 

3 mechanism. 

1 40 . The method of doing business as recited in claim 39, further comprising: 

2 tracking revenue generated from deliveries to the client over time and 

3 delivering at least a percentage of the revenue to the enterprise. 

1 41. The method of doing business as recited in claim 39, further comprising: 

2 tracking revenue generated from deliveries by the vendor over time and 

3 delivering at least a percentage of the revenue to the enterprise. 

1 42. The method of doing business as recited in claim 39, wherein the at least 

2 one security mechanism is an anti-virus software product. 
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